General

  • Target

    eef6de2aa1bd2eae72a298c9366292cfd669e0756acc393e12433799fcdd51d3

  • Size

    693KB

  • Sample

    230323-bahgbsed7t

  • MD5

    12e807ba9bb14886caea8614bf81f93a

  • SHA1

    40217f3da8cf807cda9876193d85255966656080

  • SHA256

    eef6de2aa1bd2eae72a298c9366292cfd669e0756acc393e12433799fcdd51d3

  • SHA512

    8c7b54bc8016b58adfcbf3f829f6b554ed5a3797c9890aef463bcf323fb8bf3b99e0c945fd856e45c1f5d50f8a039b115194e22e8bf1724d850fef7c1c9390b9

  • SSDEEP

    12288:06MYN3WJ6cYHSMNsYRHb1TbVwRfI3FiZOG5O5Vw5QyT9P8FoR+:0qWgcYHSMOK7Y+1ilI5VwmyT98Fx

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Extracted

Family

redline

Botnet

real

C2

193.233.20.31:4125

Attributes
  • auth_value

    bb22a50228754849387d5f4d1611e71b

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks